starred/Proxyman
1
0
Fork 0
mirror of https://github.com/ProxymanApp/Proxyman.git synced 2026-04-25 16:15:55 +03:00
Code Issues 1.2k Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #116] Support custom Certificate for Pining Certificate #112

New issue
Open
opened 2026-03-03 19:15:23 +03:00 by kerem · 20 comments
kerem commented 2026-03-03 19:15:23 +03:00
Owner
Copy link

Originally created by @NghiaTranUIT on GitHub (Apr 12, 2019).
Original GitHub issue: https://github.com/ProxymanApp/Proxyman/issues/116

Originally assigned to: @NghiaTranUIT on GitHub.

🐶 Brief

It's crucial to support Custom SSL Certificate for the domain, which is supported by SSL-Pinning.

For instance, Toggl Desktop is using custom Certificate for SSL, so it's impossible to intercept data unless debugging in Debug version.

It's time to support it.

👑 Criteria

  • Able to select Custom Certificate for particular Domain or app
  • Able to intercept the HTTPS content from those requests.
Originally created by @NghiaTranUIT on GitHub (Apr 12, 2019). Original GitHub issue: https://github.com/ProxymanApp/Proxyman/issues/116 Originally assigned to: @NghiaTranUIT on GitHub. ## 🐶 Brief It's crucial to support Custom SSL Certificate for the domain, which is supported by SSL-Pinning. For instance, Toggl Desktop is using custom Certificate for SSL, so it's impossible to intercept data unless debugging in Debug version. It's time to support it. ## 👑 Criteria - [ ] Able to select Custom Certificate for particular Domain or app - [ ] Able to intercept the HTTPS content from those requests.
kerem commented 2026-03-03 19:15:24 +03:00
Author
Owner
Copy link

@ptrkstr commented on GitHub (Apr 22, 2020):

Hi @NghiaTranUIT, did there happen to be any update on this?
I'm running into the use case where certificate pinning is implemented in an application and in order for testing to occur between multiple testers, we wish to distribute the same certificate between all instances of proxyman.

<!-- gh-comment-id:617594433 --> @ptrkstr commented on GitHub (Apr 22, 2020): Hi @NghiaTranUIT, did there happen to be any update on this? I'm running into the use case where certificate pinning is implemented in an application and in order for testing to occur between multiple testers, we wish to distribute the same certificate between all instances of proxyman.
kerem commented 2026-03-03 19:15:24 +03:00
Author
Owner
Copy link

@NghiaTranUIT commented on GitHub (Apr 22, 2020):

Hey @patrickbdev I did a research but not sure how to implement this feature from last year. I will research again push this ticket forward and support it next releases soon 👍

<!-- gh-comment-id:617595204 --> @NghiaTranUIT commented on GitHub (Apr 22, 2020): Hey @patrickbdev I did a research but not sure how to implement this feature from last year. I will research again push this ticket forward and support it next releases soon 👍
kerem commented 2026-03-03 19:15:24 +03:00
Author
Owner
Copy link

@ptrkstr commented on GitHub (Apr 23, 2020):

Another question @NghiaTranUIT , is the certificate unique per Proxyman installation or is it the same across?

<!-- gh-comment-id:618179914 --> @ptrkstr commented on GitHub (Apr 23, 2020): Another question @NghiaTranUIT , is the certificate unique per Proxyman installation or is it the same across?
kerem commented 2026-03-03 19:15:24 +03:00
Author
Owner
Copy link

@NghiaTranUIT commented on GitHub (Apr 23, 2020):

If you mean the "Certificate" is Proxyman CA Certificate, it's a unique cert, which is locally generated in your machine

<!-- gh-comment-id:618180684 --> @NghiaTranUIT commented on GitHub (Apr 23, 2020): If you mean the "Certificate" is Proxyman CA Certificate, it's a unique cert, which is locally generated in your machine
kerem commented 2026-03-03 19:15:24 +03:00
Author
Owner
Copy link

@NghiaTranUIT commented on GitHub (Jun 17, 2020):

Good news that I successfully set up local HTTPS with a self-signed certificate. It's the environment to test the Custome Certificate feature that I'm working on 🙌

One question @patrickbdev. What is the format of your certificate? PEM or P12?

<!-- gh-comment-id:645156384 --> @NghiaTranUIT commented on GitHub (Jun 17, 2020): Good news that I successfully set up local HTTPS with a self-signed certificate. It's the environment to test the Custome Certificate feature that I'm working on 🙌 One question @patrickbdev. What is the format of your certificate? PEM or P12?
kerem commented 2026-03-03 19:15:24 +03:00
Author
Owner
Copy link

@ptrkstr commented on GitHub (Jun 17, 2020):

You legend @NghiaTranUIT !
P12 is what I tend to use.
I notice that Charles supports both:
image

<!-- gh-comment-id:645218636 --> @ptrkstr commented on GitHub (Jun 17, 2020): You legend @NghiaTranUIT ! P12 is what I tend to use. I notice that Charles supports both: <img width="704" alt="image" src="https://user-images.githubusercontent.com/11362913/84871760-4707e600-b0c4-11ea-954d-ae098b462cf9.png">
kerem commented 2026-03-03 19:15:24 +03:00
Author
Owner
Copy link

@NghiaTranUIT commented on GitHub (Jun 17, 2020):

Just wondering: Which feature do you use? Server Cert or Client Cert or Root Cert 🤔

<!-- gh-comment-id:645219262 --> @NghiaTranUIT commented on GitHub (Jun 17, 2020): Just wondering: Which feature do you use? Server Cert or Client Cert or Root Cert 🤔
kerem commented 2026-03-03 19:15:24 +03:00
Author
Owner
Copy link

@ptrkstr commented on GitHub (Jun 18, 2020):

Sorry for the late reply @NghiaTranUIT, I wasn't able to get it successfully working, but I believe the root certificate is what I need to change.
I guess whatever allows me to achieve this:

I'm running into the use case where certificate pinning is implemented in an application and in order for testing to occur between multiple testers, we wish to distribute the same certificate between all instances of proxyman.

<!-- gh-comment-id:646034720 --> @ptrkstr commented on GitHub (Jun 18, 2020): Sorry for the late reply @NghiaTranUIT, I wasn't able to get it successfully working, but I believe the root certificate is what I need to change. I guess whatever allows me to achieve this: >I'm running into the use case where certificate pinning is implemented in an application and in order for testing to occur between multiple testers, we wish to distribute the same certificate between all instances of proxyman.
kerem commented 2026-03-03 19:15:24 +03:00
Author
Owner
Copy link

@NghiaTranUIT commented on GitHub (Jun 18, 2020):

I set up a local self-signed HTTPS server for testing the SSL-Pinning and I confirm that both Root Certificate and Server Certificate are working well as long as we have correct P12 or PEM files (private and cert) 👍

<!-- gh-comment-id:646036770 --> @NghiaTranUIT commented on GitHub (Jun 18, 2020): I set up a local self-signed HTTPS server for testing the SSL-Pinning and I confirm that both Root Certificate and Server Certificate are working well as long as we have correct P12 or PEM files (private and cert) 👍
kerem commented 2026-03-03 19:15:24 +03:00
Author
Owner
Copy link

@ptrkstr commented on GitHub (Jun 18, 2020):

That’s great @NghiaTranUIT, I appreciate the effort!

<!-- gh-comment-id:646349466 --> @ptrkstr commented on GitHub (Jun 18, 2020): That’s great @NghiaTranUIT, I appreciate the effort!
kerem commented 2026-03-03 19:15:24 +03:00
Author
Owner
Copy link

@NghiaTranUIT commented on GitHub (Jun 26, 2020):

Hey @patrickbdev @joanbono, @tobiastom, and @finnsch , here is the good news 🎉

Let check out this BETA build of Custom Certificate:

  • Server Certificate for SSL-Pinning app
  • Client Certificate for Mutual Authentication
  • 🍎 Accept PEM, DER and P12 certificates
Screen Shot 2020-06-26 at 10 54 38

Download: https://proxyman.s3.us-east-2.amazonaws.com/beta/Proxyman_2.0.1_Custom_Certificate_v2.dmg
Doc: https://docs.proxyman.io/advanced-features/custom-certificates

<!-- gh-comment-id:649994935 --> @NghiaTranUIT commented on GitHub (Jun 26, 2020): Hey @patrickbdev @joanbono, @tobiastom, and @finnsch , here is the good news 🎉 Let check out this BETA build of Custom Certificate: - ✅ Server Certificate for SSL-Pinning app - ✅ Client Certificate for Mutual Authentication - 🍎 Accept PEM, DER and P12 certificates <img width="816" alt="Screen Shot 2020-06-26 at 10 54 38" src="https://user-images.githubusercontent.com/5878421/85826535-f3298b00-b7ae-11ea-8892-cdbaafe07990.png"> **Download**: https://proxyman.s3.us-east-2.amazonaws.com/beta/Proxyman_2.0.1_Custom_Certificate_v2.dmg **Doc**: https://docs.proxyman.io/advanced-features/custom-certificates
kerem commented 2026-03-03 19:15:25 +03:00
Author
Owner
Copy link

@NghiaTranUIT commented on GitHub (Jun 28, 2020):

Just friendly reminder @patrickbdev @joanbono, @tobiastom, and @finnsch that Proxyman 2.1.0 is released with this feature 👍

Let check it out: https://github.com/ProxymanApp/Proxyman/releases/tag/2.1.0

<!-- gh-comment-id:650764078 --> @NghiaTranUIT commented on GitHub (Jun 28, 2020): Just friendly reminder @patrickbdev @joanbono, @tobiastom, and @finnsch that Proxyman 2.1.0 is released with this feature 👍 Let check it out: https://github.com/ProxymanApp/Proxyman/releases/tag/2.1.0
kerem commented 2026-03-03 19:15:25 +03:00
Author
Owner
Copy link

@zhangjs commented on GitHub (Mar 2, 2022):

Can proxyman use the corresponding server certificate based on the domain name?

<!-- gh-comment-id:1056024358 --> @zhangjs commented on GitHub (Mar 2, 2022): Can proxyman use the corresponding server certificate based on the domain name?
kerem commented 2026-03-03 19:15:25 +03:00
Author
Owner
Copy link

@NghiaTranUIT commented on GitHub (Mar 2, 2022):

Hey @zhangjs at the moment, if you provide a Custom Server Certificate, it will use it for all domain names. If you use the Custom Client Certificate, it will support a domain in the Common Name attribute 👍

<!-- gh-comment-id:1056025518 --> @NghiaTranUIT commented on GitHub (Mar 2, 2022): Hey @zhangjs at the moment, if you provide a Custom Server Certificate, it will use it for all domain names. If you use the Custom Client Certificate, it will support a domain in the Common Name attribute 👍
kerem commented 2026-03-03 19:15:25 +03:00
Author
Owner
Copy link

@zhangjs commented on GitHub (Mar 2, 2022):

I added the correct server certificates for the domain names, but not the root ca, and it prompts the error "The operation couldn’t be completed. (Could not generate dynamic certificate from :443 error 999.) (code=999)"

<!-- gh-comment-id:1056026474 --> @zhangjs commented on GitHub (Mar 2, 2022): I added the correct server certificates for the domain names, but not the root ca, and it prompts the error "The operation couldn’t be completed. (Could not generate dynamic certificate from <domain>:443 error 999.) (code=999)"
kerem commented 2026-03-03 19:15:25 +03:00
Author
Owner
Copy link

@NghiaTranUIT commented on GitHub (Mar 2, 2022):

Have you added your custom certificate to Keychain access and trust it?

You can check out this section: 7. Import as a Custom Root Certificate at https://docs.proxyman.io/advanced-features/custom-certificates#7.-import-as-a-custom-root-certificate

<!-- gh-comment-id:1056027279 --> @NghiaTranUIT commented on GitHub (Mar 2, 2022): Have you added your custom certificate to Keychain access and trust it? You can check out this section: 7. Import as a Custom Root Certificate at https://docs.proxyman.io/advanced-features/custom-certificates#7.-import-as-a-custom-root-certificate
kerem commented 2026-03-03 19:15:25 +03:00
Author
Owner
Copy link

@zhangjs commented on GitHub (Mar 2, 2022):

Hey @zhangjs at the moment, if you provide a Custom Server Certificate, it will use it for all domain names. If you use the Custom Client Certificate, it will support a domain in the Common Name attribute 👍

The doc says the client certificates "Use this certificate for SSL-Handshake to specific Server", "SSL-Handshake to your Clients" is what i need, I have the correct server certificate.

<!-- gh-comment-id:1056027992 --> @zhangjs commented on GitHub (Mar 2, 2022): > Hey @zhangjs at the moment, if you provide a Custom Server Certificate, it will use it for all domain names. If you use the Custom Client Certificate, it will support a domain in the Common Name attribute 👍 The doc says the client certificates "Use this certificate for SSL-Handshake to specific Server", "SSL-Handshake to your Clients" is what i need, I have the correct server certificate.
kerem commented 2026-03-03 19:15:25 +03:00
Author
Owner
Copy link

@zhangjs commented on GitHub (Mar 2, 2022):

I have the correct certificates, I don't want to trust self-signed Root Certificate

<!-- gh-comment-id:1056028946 --> @zhangjs commented on GitHub (Mar 2, 2022): > I have the correct certificates, I don't want to trust self-signed Root Certificate
kerem commented 2026-03-03 19:15:25 +03:00
Author
Owner
Copy link

@zhangjs commented on GitHub (Mar 2, 2022):

I need proxyman use the corresponding server certificate to handshake the clients based the domain, not generate dynamic certificate.

<!-- gh-comment-id:1056031007 --> @zhangjs commented on GitHub (Mar 2, 2022): I need proxyman use the corresponding server certificate to handshake the clients based the domain, not generate dynamic certificate.
kerem commented 2026-03-03 19:15:25 +03:00
Author
Owner
Copy link

@zhangjs commented on GitHub (Mar 2, 2022):

Have you added your custom certificate to Keychain access and trust it?

You can check out this section: 7. Import as a Custom Root Certificate at https://docs.proxyman.io/advanced-features/custom-certificates#7.-import-as-a-custom-root-certificate

I need intercepting HTTPS Traffic from clients that use SSL-Pinning, Proxyman use the corresponding server certificate based on the domain name is what I need.

<!-- gh-comment-id:1056053336 --> @zhangjs commented on GitHub (Mar 2, 2022): > Have you added your custom certificate to Keychain access and trust it? > > You can check out this section: 7. Import as a Custom Root Certificate at https://docs.proxyman.io/advanced-features/custom-certificates#7.-import-as-a-custom-root-certificate I need intercepting HTTPS Traffic from clients that use SSL-Pinning, Proxyman use the corresponding server certificate based on the domain name is what I need.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
6.9.0
6.8.0
6.7.0
6.6.0
6.5.0
6.4.0
6.3.0
6.2.0
6.1.0
6.0.2
6.0.0
6.0.1
5.25.0
5.24.0
5.23.0
5.23.1
5.22.0
5.20.0
5.21.0
5.19.0
5.18.0
5.17.0
5.16.0
5.15.0
5.14.0
5.12.2
5.12.1
5.12.0
5.11.0
5.10.0
5.8.0
5.9.0
5.7.0
5.6.1
5.6.0
5.5.0
5.4.0
5.2.0
5.3.0
5.1.1
5.0.0
4.16.0
4.15.0
4.14.0
4.13.0
4.12.0
4.11.0
4.10.0
4.9.1
4.9.0
4.8.2
4.8.1
4.8.0
4.7.1
4.7.0
4.6.1
4.6.0
4.5.0
4.4.0
4.3.1
4.3.0
4.2.1
4.2.0
4.1.0
4.0.0
3.15.0
3.14.0
3.13.0
3.12.0
3.11.0
3.10.0
3.9.0
3.8.0
3.7.0
3.6.2
3.6.1
3.6.0
3.5.2
3.5.1
3.5.0
3.4.0
3.3.0
3.2.0
3.1.0
3.0.0
2.35.4
2.35.3
2.35.2
2.35.1
2.35.0
2.34.1
2.34.0
2.33.0
2.32.1
2.32.0
2.31.0
2.30.0
2.29.0
2.28.0
2.27.0
2.26.0
2.25.0
2.24.0
2.23.0
2.22.0
2.21.1
2.21.0
2.20.0
2.19.0
2.18.0
2.17.0
2.16.1
2.16.0
2.15.2
2.15.1
2.15.0
2.14.2
2.14.1
2.14.0
2.13.0
2.12.0
2.11.1
2.11.0
2.10.0
2.9.1
2.9.0
2.8.0
2.7.0
2.6.0
2.5.3
2.5.2
2.5.1
2.5.0
2.4.2
2.4.1
2.4.0
2.3.0
2.2.0
2.1.1
2.1.0
2.0.1
2.0.0
1.24.0
1.23.0
1.22.0
1.21.0
1.20.0
1.19.0
1.18.1
1.18.0
1.17.1
1.17.0
1.16.0
1.15.0
1.14.1
1.14.0
1.13.1
1.13.0
1.12.0
1.11.0
1.10.0
1.9.3
1.9.2
1.9.1
1.9.0
1.8.0
1.7.2
1.7.1
1.7.0
1.6.2
1.6.1
1.6.0
1.5.1
1.5.0
1.4.7
1.4.6
1.4.5.1
1.4.5
1.4.4.1
1.4.4
1.4.3
1.4.2
1.4.1.1
1.4.1
1.4
1.3.9
1.3.8
1.3.7
1.3.6
1.3.5
1.3.4.3
1.3.4.2
1.3.4.1
1.3.4
1.3.3
1.3.2
1.3.1
1.3
1.2
1.1.2
1.1.1
1.1
1.0.3
1.0.2
1.0
0.8.1
0.8
0.7
0.6
0.5.1
0.5
v0.4.1
Labels
Clear labels   
Discussion

   
Feature request

   
In Progress...

   
Plugins

   
Waiting response

   
Windows

   
Windows

   
bug

   
duplicate

   
enhancement

   
feature

   
good first issue

   
iOS

   
macOS 10.11

   
question

   
wontfix

   
Done
No labels
Discussion
Feature request
In Progress...
Plugins
Waiting response
Windows
Windows
bug
duplicate
enhancement
feature
good first issue
iOS
macOS 10.11
question
wontfix
Done
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/Proxyman#112
No description provided.